Hello everyone,
I have next setup: 1) Main office with Fortiget 40C as router/firwall (lets say IP of external inteface is 8.8.8.8 and LAN network behind it ( 192.168.24.0/24) 2) VPS server in Cloud. It stand behind 2 routers/firewalls (first one is CentOS (lets say IP of external inteface is 8.8.4.4) -managed by cloud provider, second one is Endian Community - managed by our side. Both of them using NAT.
Cloud provider did port-forwarding for us to access to that server via RDP (its look like this 8.8.8.8:4555->>10.1.40.120:8888-->>>192.168.0.1:9999)
Hand made picture in attachment ;)
Question1: am i right that for Site-to-Site IPsec i need next opened ports - UDP 500 and 4500 in these whole sequence?
Question2: what if cloud provider have this ports reserved (UDP 500 and 4500), is there is possiblility to point Fortigate 40C to send packets with Phase1 and Phase2 data to custom ports?
Thank you.
PS. Im familliar with IPsec tunnel creating, but never had 2 NATs in between ;)
PS2. Cloud provider said that they currently sold all Real/White IPs, and cant give us any :(
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Problem resolved: Cloud ISP gave us Public IP address. After this Site-to-Site IPsec between Endian Firewall and Fortigate was easily configured.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.